Issue1391767
Created on 2005-12-28.07:20:00 by anonymous, last changed 2009-03-03.16:30:46 by fwierzbicki.
msg1086 (view) |
Author: Nobody/Anonymous (nobody) |
Date: 2005-12-28.07:20:00 |
|
There is way to implement security with Jython by
using Java SecurityManager but it does not provide a
means by which class level access control can be
applied.
Jython should provide some means by which the user of
Jython can specify which Java classes should be
available to scripts. Preferably, it should provide an
Interface that the interested users can implement.
Jython should call a method (from this interface)
like, visibleToScripts(fully qualified class/package
name). If it returns true then the class should be
visible to the scripts. If it returns false then the
class should not be accessible to the script. Some
form of caching can be implemented here to reduce
multiple calls to visibleToScripts() for the same
class.
I am not sure how complex this feature is to
implement. On Jython mailing lists I have seen people
saying that security wasn't in consideration while
Jython development. But I fell these kind of arguments
should now be left behind.
With the help of this proposed extension and with Java
SecurityManager a good security model can be put in
place while using Jython and would allow developers to
use Jython even where security is a concern.
~ Neeraj
|
msg4175 (view) |
Author: Frank Wierzbicki (fwierzbicki) |
Date: 2009-03-03.16:30:46 |
|
We'd certainly look at patches to implement such an approach, but I
don't think this bug is worth leaving open.
|
|
Date |
User |
Action |
Args |
2009-03-03 16:30:46 | fwierzbicki | set | status: open -> closed nosy:
+ fwierzbicki messages:
+ msg4175 |
2005-12-28 07:20:00 | anonymous | create | |
|